On Tue, 24 Aug 2010 16:28:29 +0000, Mamadou Touré <e2ia.ci_at_gmail.com>
wrote:
> Hi i'd like to know if it is possible to make a transparent proxy of
> https traffric with squid and tproxy.
> regards.
It is possible to use TPROXY to pass HTTPS traffic to a listening port on
Squid, just as it was possible with NAT and WCCP.
Squid will currently not relay raw bytes on without confirmation of the
traffic type and security controls for you the admin to block if it's bad.
SSL also ensures/requires end-to-end security by embeding details about the
TCP link into the keys used across it. Committing MITM attack as well as
decryption attack is an outright crime in many places around the world.
NP: ssl-bump feature dodges around these crime aspects by only working for
CONNECT requests where the client is well aware its using a proxy and is
configured to trust the proxy certificates it receives back from the
decryption.
Amos
Received on Wed Aug 25 2010 - 02:51:16 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 25 2010 - 12:00:02 MDT